Fake IDs: How banks can spot and stop synthetic fraud
Though they are good and bad guys, respectively, lenders and fraudsters share one goal: to grow their enterprises. And as the lending landscape evolves, fraudsters know they must change how they operate to stay in the game. Consumer lending has made it difficult for fraudsters to perpetrate their crimes thanks to standards such as EMV chips for point-of-sale transactions. This limits a fraudster’s ability to replicate a traditional magnetic stripe credit card, a once common and effective scheme.
But when one well dries up, criminal minds search for another. In 2011 the Social Security Administration (SSA) began to randomly issue Social Security numbers—which ironically may have helped fraudsters’ to pivot their way to more profit. By trying to safeguard consumers’ identities through random assignment, the SSA helped fraudsters cultivate a theft tactic known as “synthetic fraud.”
While the variations of synthetic fraud are many, at its core lies the fictitious identity of a person who doesn’t exist. While synthetic fraud came on the scene more than a decade ago, all indications show that this phenomenon is on the rise. In the years to come, lenders will need to constantly innovate to stay ahead of fraudsters seeking new loopholes to exploit.
It’s not all that expensive to hatch an identity, and yet it can generate profits beyond any stock market rally. A BAI Banking Strategies podcast revealed how an initial investment of $79.99—the typical cost of a budget vacuum cleaner—can suck up ill-gotten gains of $107,269.63, on average.
The problem of synthetic identity fraud has become serious enough for legislators to take notice. In May 2018, as part of the Economic Growth, Regulatory Relief, and Consumer Protection Act, Congress adopted legislation that will allow for electronic identity verification (real-time or batch) through the SSA. This provision is designed to help reduce identity fraud but by no means represents a silver bullet. The legislation is subject to a viable SSA implementation process. And interpretation of the current law means many organizations that currently initiate consumer transactions (such as fintechs, telecommunication providers and non-bank lenders) will not have access to the service.
Staying a step ahead of fraudsters is critical and it can be difficult to distinguish a true consumer from an identity fraudster. What happens when new credit entrants and synthetic identities collide? Let’s look at how the similarities in credit-seeking behavior between these two groups may impact lenders in their quest to grow portfolios in a saturated market.
Synthetic ringer? Or true consumer?
The consumer lending space is extremely saturated and competitive as lenders race to become the preferred and trusted financial institution for consumers. To grow in this competitive space, lenders have expanded their target audience to consider more “new entrants”: consumers with little to no traditional credit history. From a demographic perspective they are either young adults (e.g., millennials) or recent U.S. immigrants. Both segments can return major profits if targeted and managed effectively.
But when lenders pursue these consumers, the elusive synthetic identities are consequently targeted. Herein lies the problem.
Fraudsters will try to create a credit footprint any number of ways, including credit piggybacking (where a person is added as an authorized user to another account) or establishing credit with a lender who will approve “credit invisibles” (those the national credit reporting agencies cannot score). In either case, the synthetic identity mirrors that of a new entrant.
For example: Did a parent add a child heading off to college to their credit card account or a fraudster pay a for-profit service to be added to a stranger’s account? Is this a legitimate thin-file consumer or a fraudster trying to establish a credit account they can later exploit?
The synthetic identity will also appear to pass all guidelines set forth by the Federal Financial Institutions Examination Council (FFIEC) for know your customer compliance (KYC). Per the FFIEC’s guidelines, KYC compliance requires that financial institutions compare the information customers provide with that obtained from a consumer reporting agency, public database or other source. This method would inadvertently verify the synthetic identity, allowing the criminal access to credit. Unfortunately, once the initial credit gets established, larger lines of credit become easier to obtain.
In a recent study, we found that the natural growth rates of new credit applications with possibly new SSNs more than doubled within the five-year period after randomization. Fraudsters who exploited the new system likely caused this, thanks to bogus numbers now indistinguishable from valid SSNs issued since 2011. This analysis demonstrates the danger and higher likelihood that a potential new credit entrant may actually be a fraudster. Before randomization, newly issued numbers represented roughly 2.5 percent of applications over a five-year period; after, that number more than doubled to about 6 percent.
Putting it all together: Sinking synthetic fraud
So how do you discern a new entrant from a synthetic fraud? Synthetic identities take various forms, but the profiles share commonalities. As with most types of fraud the fraudster must have a common link, which is typically the contact information: address, phone or email. Using a robust link analysis to determine irregularities in the relationships between people and their individual identity elements (such as, contact information) can help assess these risks. For example, an applicant’s date of birth associated with a significant amount of phone numbers indicated a six times higher risk of synthetic fraud. Such leading indicators allow for a more accurate assessment of synthetic identities.
Defending your portfolio against these growing challenges is paramount to your business success. Targeting new entrants can help grow your portfolio but at the same time, it is important to avoid the introduction of potential fraud. A lending organization’s level of sophistication will determine their success in identifying new entrant prospects.
Using tools to approve low-risk and profitable new entrants may not be enough. Your strategy may require more refinements to exclude synthetic identities. For as this synthetic fraud continues to grow, there is nothing fake about the danger.
Want more Banking Strategies? Sign up for our free newsletter!